Lucene search
K

16 matches found

EUVD
EUVD
added 2 days ago9 views

EUVD-2026-36094

Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration...

7.7CVSS5.9AI score0.00231EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 8:17 p.m.11 views

CVE-2026-50107

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS0.00492EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 8:4 p.m.17 views

CVE-2026-50107 NGINX Gateway Fabric vulnerability

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS0.00492EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 8:4 p.m.9 views

EUVD-2026-37792

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS5.6AI score0.00492EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/06/17 1:43 p.m.11 views

K000161611: NGINX Gateway Fabric vulnerability CVE-2026-11311

Security Advisory Description When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens...

8.6CVSS5.5AI score0.0059EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/10 5:27 p.m.26 views

CVE-2026-50564 Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

9.9CVSS0.00274EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the exposure of spec.runtime.podSpec and spec.builder.podSpec in the Environment CRD during merging, without filterin...

9.9CVSS5.4AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 10:13 a.m.6 views

CVE-2026-41174

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. When the Kubernetes Custom Resource Definition CRD provider's allowCrossNamespace setting is false, Traefik incorrectly processes nested middleware references. An attacker with permissions to create or update Traefik CRDs in...

6.4CVSS5.5AI score0.00254EPSS
Exploits1References8
Snyk
Snyk
added 2026/04/24 8:12 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the createChainMiddleware function. Even when providers.kubernetesCRD.allowCrossNamespace=false is set, references in spec.chain.middlewares may be followed to access objects in other namespaces. A user with...

6.4CVSS5.3AI score0.00254EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/17 9:37 p.m.9 views

CVE-2025-29781 Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD

The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace scoped Custom Resource BMCEventSubscription. Prior to versions 0.8.1 and 0.9.1, an adversary...

6.5CVSS6.8AI score0.00169EPSS
Exploits0References5
Veracode
Veracode
added 2025/01/13 1:48 a.m.7 views

Path Traversal

github.com/karmada-io/karmada is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths within custom resource definition CRD archives, allowing attackers to exploit a TarSlip vulnerability and write arbitrary files to arbitrary locations in the filesystem...

5.3CVSS6.7AI score0.00696EPSS
Exploits0References6Affected Software1
SUSE CVE
SUSE CVE
added 2024/12/23 4:3 a.m.2 views

SUSE CVE-2024-25131

A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource CRD of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard...

8.8CVSS6.8AI score0.00754EPSS
Exploits0References4
OSV
OSV
added 2024/12/20 8:36 p.m.11 views

GO-2024-3109 The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator

The Bare Metal Operator BMO can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator...

4.9CVSS5.3AI score0.00574EPSS
Exploits0References8
Veracode
Veracode
added 2024/12/12 2:12 p.m.8 views

Sensitive Information Disclosure

Rancher Manager is vulnerable to sensitive information disclosure. The vulnerability is due to Helm values being stored directly in the Apps Custom Resource Definition and leaking into audit logs when the audit level is set to 2 or above, allowing users with GET access to read sensitive informati...

6.2CVSS6AI score0.00371EPSS
Exploits0
OSV
OSV
added 2023/07/08 11:5 a.m.3 views

OESA-2023-1414 kubernetes security update

Container cluster management. Security Fixes: Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are...

8.8CVSS6.9AI score0.02157EPSS
Exploits1References6
Prion
Prion
added 2022/01/19 10:15 p.m.9 views

Privilege escalation

Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have CREATE permission for gateways.gateway.networking.k8s.io objects can escalate this privilege to create other resources that th...

6CVSS8.9AI score0.00767EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder